ESET Research has uncovered a collection of malicious Python projects circulating through PyPI, the official Python package repository. This threat is designed to compromise both Windows and Linux systems, delivering a customized backdoor with cyberespionage capabilities. The malicious software enables remote command execution, file exfiltration, and, in certain instances, screenshot capture. Some instances culminate in deploying the notorious W4SP Stealer, dedicated to pilfering personal data and credentials, a straightforward clipboard monitor geared towards cryptocurrency theft, or a combination of both. ESET identified 116 files, including source distributions and wheels, distributed across 53 projects on PyPI, all containing malware. Over the past year, these files have been downloaded over 10,000 times, with an average daily download rate of around 80 since May 2023.
PyPI, a widely used platform for Python programmers to share and obtain code, is susceptible to malware infiltration because it accepts contributions from anyone. Malicious packages often camouflage themselves as legitimate and popular code libraries. ESET researcher Marc-Étienne Léveillé, who discovered and analyzed these malicious packages, emphasizes that potential victims typically install them not because of typosquatting but through social engineering, where users are guided to run pip and install a seemingly “interesting” package.
As of the research publication, most of the implicated packages had been removed by PyPI. ESET collaborated with PyPI to address the remaining threats, and currently, all known malicious packages are offline.
The operators behind this campaign employed three techniques to integrate malicious code into Python packages. The first method involves inserting a “test” module with lightly obfuscated code within the package. The second method embeds PowerShell code in the setup.py file, which is automatically executed by package managers like pip during Python project installations. The third method involves excluding legitimate code, leaving only the malicious code in a mildly obfuscated form.
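The three packaging tricks described above all leave static traces that can be checked before anything is installed. The following pre-install audit is an added example written for this article, not ESET's tooling or anything from the packages analyzed: it parses every `.py` file in an unpacked source distribution with `ast` (nothing is imported or executed), flags a `setup.py` that launches an external command or references PowerShell, flags decode-then-execute code (and says so when it sits in a module named `test`), and flags a package in which every non-`setup.py` module is obfuscated. The sample package it scans is constructed inline with inert placeholder contents; the module names, the `example_pkg` name and the thresholds are assumptions.

```python
"""Static pre-install audit for an unpacked Python package directory.

Added example (not ESET's code). Flags the three packaging tricks the
article describes: install-time PowerShell in setup.py, a decode-then-
execute "test" module, and a package with no legitimate code at all.
"""
import ast
import re
import tempfile
from pathlib import Path

POWERSHELL_RE = re.compile(r"\bpowershell(\.exe)?\b", re.IGNORECASE)
DECODE_CALLS = {"b64decode", "b32decode", "unhexlify", "decompress"}
EXEC_CALLS = {"exec", "eval"}
SHELL_CALLS = {"system", "Popen", "run", "call", "check_call", "check_output", "startfile"}
BASE64_BLOB_RE = re.compile(r"^[A-Za-z0-9+/=]{200,}$")  # assumed threshold


def _call_names(tree):
    """Collect the bare or attribute name of every call expression."""
    names = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Attribute):
                names.add(func.attr)
            elif isinstance(func, ast.Name):
                names.add(func.id)
    return names


def _string_literals(tree):
    return [n.value for n in ast.walk(tree)
            if isinstance(n, ast.Constant) and isinstance(n.value, str)]


def scan_module(rel_path, source):
    """Return a list of findings for one Python file (empty when nothing is flagged)."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return ["not parsable as Python (cannot be audited)"]
    findings = []
    calls = _call_names(tree)
    literals = _string_literals(tree)

    # Technique 1 / 3: a decoded or very long blob handed to exec/eval.
    has_blob = any(BASE64_BLOB_RE.match(s) for s in literals)
    if calls & EXEC_CALLS and (calls & DECODE_CALLS or has_blob):
        where = "a 'test' module" if Path(rel_path).stem.startswith("test") else "a module"
        findings.append(f"decode-then-execute code in {where}")

    # Technique 2: commands spawned while pip runs setup.py.
    if Path(rel_path).name == "setup.py":
        if calls & SHELL_CALLS:
            findings.append("setup.py runs an external command at install time")
        if any(POWERSHELL_RE.search(s) for s in literals):
            findings.append("setup.py references PowerShell")
    return findings


def scan_package(root):
    """Scan every .py file under root and add a package-level finding if no clean module exists."""
    root = Path(root)
    report = {}
    modules = obfuscated = 0
    for path in sorted(root.rglob("*.py")):
        rel = path.relative_to(root).as_posix()
        findings = scan_module(rel, path.read_text(encoding="utf-8", errors="replace"))
        if findings:
            report[rel] = findings
        if path.name != "setup.py":
            modules += 1
            obfuscated += any(f.startswith("decode-then-execute") for f in findings)
    if modules and obfuscated == modules:
        report["<package>"] = ["every module is obfuscated: no legitimate code shipped"]
    return report


# Constructed sample package (inert placeholders; never executed by the scanner).
SAMPLE_FILES = {
    "setup.py": (
        "import subprocess\n"
        "from setuptools import setup\n"
        "subprocess.run(['powershell', '-Command', 'PLACEHOLDER_COMMAND'])\n"
        "setup(name='example_pkg', version='0.1')\n"
    ),
    "example_pkg/test.py": (
        "import base64\n"
        "exec(base64.b64decode('cHJpbnQoJ2hlbGxvJyk='))\n"  # decodes to print('hello')
    ),
}
LEGIT_MODULE = ("example_pkg/__init__.py", "def add(a, b):\n    return a + b\n")


def demo(include_legit=True):
    """Write the constructed sample to a temp dir and return the scan report."""
    files = dict(SAMPLE_FILES)
    if include_legit:
        files[LEGIT_MODULE[0]] = LEGIT_MODULE[1]
    with tempfile.TemporaryDirectory() as tmp:
        for rel, src in files.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(src, encoding="utf-8")
        return scan_package(tmp)


if __name__ == "__main__":
    for rel, findings in demo().items():
        print(rel, "->", "; ".join(findings))
```

Run it against a directory produced by `pip download --no-deps --no-binary :all: <package>` followed by unpacking the archive, rather than against an installed environment, so that `setup.py` is inspected before pip ever executes it. The checks are deliberately coarse: they surface code that deserves a human look, not a verdict, and a package that is flagged only for a long string literal may simply embed data.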
The ultimate payload typically manifests as a custom backdoor capable of remote command execution, file exfiltration, and, occasionally, screenshot capture. On Windows, the backdoor is implemented in Python, while on Linux, it is written in the Go programming language. Alternatively, some cases deploy the W4SP Stealer or a straightforward clipboard monitor targeting Bitcoin, Ethereum, Monero, and Litecoin cryptocurrencies.
In light of these findings, ESET advises Python developers to thoroughly scrutinize code before installation, anticipating ongoing abuse of PyPI. Caution is recommended when installing code from any public software repository.